On Thursday, February 27, 2014 03:07:55 PM Stephen Smalley wrote: > Looking at Fedora policy, there are differences in what domains are > allowed mmap_zero vs sys_rawio, although I don't know how > intentional/meaningful that is. > > sesearch -A -p mmap_zero > vs > sesearch -A -p sys_rawio > > Why for example does cupsd_t have sys_rawio? That's rather disturbing. > > I guess you should keep the separate check until those differences are > resolved. No more comments overnight so I'm going to go ahead and push this to next with your ack added. We can always remove the SELinux check at a later date. Thanks. -- paul moore security and virtualization @ redhat _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
